fix: remove supported chains check (#29773)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/29773?quickstart=1)

## **Related issues**

Fixes: MetaMask/MetaMask-planning#3940

## **Manual testing steps**

1. Go to the test dapp
2. Perform transactions and signatures in the section `PPOM - Malicious
Transactions and Signatures`
3. Test one previous supported chain and another chain outside the list
below:

```
// previous supported chains
ARBITRUM = '0xa4b1'
AVALANCHE = '0xa86a'
BASE = '0x2105'
BERACHAIN = '0x138d4'
BSC = '0x38'
LINEA_MAINNET = '0xe708'
MAINNET = '0x1'
METACHAIN_ONE = '0x1b6e6'
OPBNB = '0xcc'
OPTIMISM = '0xa'
POLYGON = '0x89'
SCROLL = '0x82750'
SEPOLIA = '0xaa36a7'
ZKSYNC_ERA = '0x144'
```


## **Screenshots/Recordings**

[Screencast from 2025-01-28
14-56-38.webm](https://github.com/user-attachments/assets/a7fdf9ca-d34d-407b-93b9-5191e6279ca1)

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Author: vinistevam

app/scripts/lib/ppom/ppom-middleware.test.ts

@@ -12,7 +12,6 @@ import { createPPOMMiddleware, PPOMMiddlewareRequest } from './ppom-middleware';
 import {
   generateSecurityAlertId,
   handlePPOMError,
-  isChainSupported,
   validateRequestWithPPOM,
 } from './ppom-util';
 import { SecurityAlertResponse } from './types';
@@ -106,15 +105,13 @@ const createMiddleware = (
 describe('PPOMMiddleware', () => {
   const generateSecurityAlertIdMock = jest.mocked(generateSecurityAlertId);
   const handlePPOMErrorMock = jest.mocked(handlePPOMError);
-  const isChainSupportedMock = jest.mocked(isChainSupported);
   const detectSIWEMock = jest.mocked(detectSIWE);
 
   beforeEach(() => {
     jest.resetAllMocks();
 
     generateSecurityAlertIdMock.mockReturnValue(SECURITY_ALERT_ID_MOCK);
     handlePPOMErrorMock.mockReturnValue(SECURITY_ALERT_RESPONSE_MOCK);
-    isChainSupportedMock.mockResolvedValue(true);
     detectSIWEMock.mockReturnValue({ isSIWEMessage: false } as SIWEMessage);
 
     globalThis.sentry = {
@@ -145,9 +142,7 @@ describe('PPOMMiddleware', () => {
       () => undefined,
     );
 
-    expect(req.securityAlertResponse?.reason).toBe(
-      BlockaidReason.checkingChain,
-    );
+    expect(req.securityAlertResponse?.reason).toBe(BlockaidReason.inProgress);
     expect(req.securityAlertResponse?.result_type).toBe(
       BlockaidResultType.Loading,
     );

app/scripts/lib/ppom/ppom-middleware.ts

@@ -13,9 +13,9 @@ import { MESSAGE_TYPE } from '../../../../shared/constants/app';
 import { SIGNING_METHODS } from '../../../../shared/constants/transaction';
 import { PreferencesController } from '../../controllers/preferences-controller';
 import { AppStateController } from '../../controllers/app-state-controller';
-import { SECURITY_ALERT_RESPONSE_CHECKING_CHAIN } from '../../../../shared/constants/security-provider';
 import { getProviderConfig } from '../../../../shared/modules/selectors/networks';
 import { trace, TraceContext, TraceName } from '../../../../shared/lib/trace';
+import { LOADING_SECURITY_ALERT_RESPONSE } from '../../../../shared/constants/security-provider';
 import {
   generateSecurityAlertId,
   handlePPOMError,
@@ -118,18 +118,18 @@ export function createPPOMMiddleware<
           }),
       );
 
-      const securityAlertResponseCheckingChain: SecurityAlertResponse = {
-        ...SECURITY_ALERT_RESPONSE_CHECKING_CHAIN,
+      const securityAlertResponseLoading: SecurityAlertResponse = {
+        ...LOADING_SECURITY_ALERT_RESPONSE,
         securityAlertId,
       };
 
       if (SIGNING_METHODS.includes(req.method)) {
         appStateController.addSignatureSecurityAlertResponse(
-          securityAlertResponseCheckingChain,
+          securityAlertResponseLoading,
         );
       }
 
-      req.securityAlertResponse = securityAlertResponseCheckingChain;
+      req.securityAlertResponse = securityAlertResponseLoading;
     } catch (error) {
       req.securityAlertResponse = handlePPOMError(
         error,

app/scripts/lib/ppom/ppom-util.test.ts

@@ -15,13 +15,11 @@ import {
   BlockaidReason,
   BlockaidResultType,
   LOADING_SECURITY_ALERT_RESPONSE,
-  SECURITY_ALERT_RESPONSE_CHAIN_NOT_SUPPORTED,
   SecurityAlertSource,
 } from '../../../../shared/constants/security-provider';
 import { AppStateController } from '../../controllers/app-state-controller';
 import {
   generateSecurityAlertId,
-  isChainSupported,
   METHOD_SIGN_TYPED_DATA_V3,
   METHOD_SIGN_TYPED_DATA_V4,
   updateSecurityAlertResponse,
@@ -114,10 +112,6 @@ describe('PPOM Utils', () => {
   const normalizeTransactionParamsMock = jest.mocked(
     normalizeTransactionParams,
   );
-  const getSupportedChainIdsMock = jest.spyOn(
-    securityAlertAPI,
-    'getSecurityAlertsAPISupportedChainIds',
-  );
   let isSecurityAlertsEnabledMock: jest.SpyInstance;
 
   const updateSecurityAlertResponseMock = jest.fn();
@@ -308,23 +302,6 @@ describe('PPOM Utils', () => {
         });
       },
     );
-
-    it('updates response indicating chain is not supported', async () => {
-      const ppomController = {} as PPOMController;
-      const CHAIN_ID_UNSUPPORTED_MOCK = '0x2';
-
-      await validateRequestWithPPOM({
-        ...validateRequestWithPPOMOptionsBase,
-        ppomController,
-        chainId: CHAIN_ID_UNSUPPORTED_MOCK,
-      });
-
-      expect(updateSecurityAlertResponseMock).toHaveBeenCalledWith(
-        validateRequestWithPPOMOptionsBase.request.method,
-        SECURITY_ALERT_ID_MOCK,
-        SECURITY_ALERT_RESPONSE_CHAIN_NOT_SUPPORTED,
-      );
-    });
   });
 
   describe('generateSecurityAlertId', () => {
@@ -457,36 +434,4 @@ describe('PPOM Utils', () => {
       );
     });
   });
-
-  describe('isChainSupported', () => {
-    describe('when security alerts API is enabled', () => {
-      beforeEach(async () => {
-        isSecurityAlertsEnabledMock.mockReturnValue(true);
-        getSupportedChainIdsMock.mockResolvedValue([CHAIN_ID_MOCK]);
-      });
-
-      it('returns true if chain is supported', async () => {
-        expect(await isChainSupported(CHAIN_ID_MOCK)).toStrictEqual(true);
-      });
-
-      it('returns false if chain is not supported', async () => {
-        expect(await isChainSupported('0x2')).toStrictEqual(false);
-      });
-
-      it('returns correctly if security alerts API throws', async () => {
-        getSupportedChainIdsMock.mockRejectedValue(new Error('Test Error'));
-        expect(await isChainSupported(CHAIN_ID_MOCK)).toStrictEqual(true);
-      });
-    });
-
-    describe('when security alerts API is disabled', () => {
-      it('returns true if chain is supported', async () => {
-        expect(await isChainSupported(CHAIN_ID_MOCK)).toStrictEqual(true);
-      });
-
-      it('returns false if chain is not supported', async () => {
-        expect(await isChainSupported('0x2')).toStrictEqual(false);
-      });
-    });
-  });
 });

app/scripts/lib/ppom/ppom-util.ts

@@ -12,15 +12,12 @@ import {
   BlockaidReason,
   BlockaidResultType,
   LOADING_SECURITY_ALERT_RESPONSE,
-  SECURITY_ALERT_RESPONSE_CHAIN_NOT_SUPPORTED,
-  SECURITY_PROVIDER_SUPPORTED_CHAIN_IDS_FALLBACK_LIST,
   SecurityAlertSource,
 } from '../../../../shared/constants/security-provider';
 import { SIGNING_METHODS } from '../../../../shared/constants/transaction';
 import { AppStateController } from '../../controllers/app-state-controller';
 import { SecurityAlertResponse, UpdateSecurityAlertResponse } from './types';
 import {
-  getSecurityAlertsAPISupportedChainIds,
   isSecurityAlertsAPIEnabled,
   SecurityAlertsAPIRequest,
   validateWithSecurityAlertsAPI,
@@ -56,15 +53,6 @@ export async function validateRequestWithPPOM({
   updateSecurityAlertResponse: UpdateSecurityAlertResponse;
 }) {
   try {
-    if (!(await isChainSupported(chainId))) {
-      await updateSecurityResponse(
-        request.method,
-        securityAlertId,
-        SECURITY_ALERT_RESPONSE_CHAIN_NOT_SUPPORTED,
-      );
-      return;
-    }
-
     await updateSecurityResponse(
       request.method,
       securityAlertId,
@@ -151,22 +139,6 @@ export function handlePPOMError(
   };
 }
 
-export async function isChainSupported(chainId: Hex): Promise<boolean> {
-  let supportedChainIds = SECURITY_PROVIDER_SUPPORTED_CHAIN_IDS_FALLBACK_LIST;
-
-  try {
-    if (isSecurityAlertsAPIEnabled()) {
-      supportedChainIds = await getSecurityAlertsAPISupportedChainIds();
-    }
-  } catch (error: unknown) {
-    handlePPOMError(
-      error,
-      `Error fetching supported chains from security alerts API`,
-    );
-  }
-  return supportedChainIds.includes(chainId as Hex);
-}
-
 function normalizePPOMRequest(
   request: PPOMRequest | JsonRpcRequest,
 ): PPOMRequest | JsonRpcRequest {

app/scripts/lib/ppom/security-alerts-api.test.ts

@@ -3,7 +3,6 @@ import {
   BlockaidResultType,
 } from '../../../../shared/constants/security-provider';
 import {
-  getSecurityAlertsAPISupportedChainIds,
   isSecurityAlertsAPIEnabled,
   validateWithSecurityAlertsAPI,
 } from './security-alerts-api';
@@ -95,31 +94,4 @@ describe('Security Alerts API', () => {
       expect(isEnabled).toBe(false);
     });
   });
-
-  describe('getSecurityAlertsAPISupportedChainIds', () => {
-    it('sends GET request', async () => {
-      const SUPPORTED_CHAIN_IDS_MOCK = ['0x1', '0x2'];
-      fetchMock.mockResolvedValue({
-        ok: true,
-        json: async () => SUPPORTED_CHAIN_IDS_MOCK,
-      });
-      const response = await getSecurityAlertsAPISupportedChainIds();
-
-      expect(response).toEqual(SUPPORTED_CHAIN_IDS_MOCK);
-
-      expect(fetchMock).toHaveBeenCalledTimes(1);
-      expect(fetchMock).toHaveBeenCalledWith(
-        `${BASE_URL}/supportedChains`,
-        undefined,
-      );
-    });
-
-    it('throws an error if response is not ok', async () => {
-      fetchMock.mockResolvedValue({ ok: false, status: 404 });
-
-      await expect(getSecurityAlertsAPISupportedChainIds()).rejects.toThrow(
-        'Security alerts API request failed with status: 404',
-      );
-    });
-  });
 });

app/scripts/lib/ppom/security-alerts-api.ts

@@ -1,8 +1,7 @@
-import { Hex, JsonRpcRequest } from '@metamask/utils';
+import { JsonRpcRequest } from '@metamask/utils';
 import { SecurityAlertResponse } from './types';
 
 const ENDPOINT_VALIDATE = 'validate';
-const ENDPOINT_SUPPORTED_CHAINS = 'supportedChains';
 
 type SecurityAlertsAPIRequestBody = {
   method: string;
@@ -36,10 +35,6 @@ export async function validateWithSecurityAlertsAPI(
   });
 }
 
-export async function getSecurityAlertsAPISupportedChainIds(): Promise<Hex[]> {
-  return request(ENDPOINT_SUPPORTED_CHAINS);
-}
-
 async function request(endpoint: string, options?: RequestInit) {
   const url = getUrl(endpoint);
 

app/scripts/lib/transaction/util.test.ts

@@ -9,7 +9,6 @@ import { UserOperationController } from '@metamask/user-operation-controller';
 import { cloneDeep } from 'lodash';
 import {
   generateSecurityAlertId,
-  isChainSupported,
   validateRequestWithPPOM,
 } from '../ppom/ppom-util';
 import {
@@ -100,7 +99,6 @@ describe('Transaction Utils', () => {
   let userOperationController: jest.Mocked<UserOperationController>;
   const validateRequestWithPPOMMock = jest.mocked(validateRequestWithPPOM);
   const generateSecurityAlertIdMock = jest.mocked(generateSecurityAlertId);
-  const isChainSupportedMock = jest.mocked(isChainSupported);
 
   beforeEach(() => {
     jest.resetAllMocks();
@@ -125,7 +123,6 @@ describe('Transaction Utils', () => {
     });
 
     generateSecurityAlertIdMock.mockReturnValue(SECURITY_ALERT_ID_MOCK);
-    isChainSupportedMock.mockResolvedValue(true);
 
     request.transactionController = transactionController;
     request.userOperationController = userOperationController;
@@ -399,7 +396,7 @@ describe('Transaction Utils', () => {
         ).toHaveBeenCalledWith(TRANSACTION_PARAMS_MOCK, {
           ...TRANSACTION_OPTIONS_MOCK,
           securityAlertResponse: {
-            reason: BlockaidReason.checkingChain,
+            reason: BlockaidReason.inProgress,
             result_type: BlockaidResultType.Loading,
             securityAlertId: SECURITY_ALERT_ID_MOCK,
           },

app/scripts/lib/transaction/util.ts

@@ -24,7 +24,7 @@ import {
   UpdateSecurityAlertResponse,
 } from '../ppom/types';
 import {
-  SECURITY_ALERT_RESPONSE_CHECKING_CHAIN,
+  LOADING_SECURITY_ALERT_RESPONSE,
   SECURITY_PROVIDER_EXCLUDED_TRANSACTION_TYPES,
 } from '../../../../shared/constants/security-provider';
 import { endTrace, TraceName } from '../../../../shared/lib/trace';
@@ -287,13 +287,13 @@ async function validateSecurity(request: AddTransactionRequest) {
       updateSecurityAlertResponse,
     });
 
-    const securityAlertResponseCheckingChain: SecurityAlertResponse = {
-      ...SECURITY_ALERT_RESPONSE_CHECKING_CHAIN,
+    const securityAlertResponseLoading: SecurityAlertResponse = {
+      ...LOADING_SECURITY_ALERT_RESPONSE,
       securityAlertId,
     };
 
     request.transactionOptions.securityAlertResponse =
-      securityAlertResponseCheckingChain;
+      securityAlertResponseLoading;
   } catch (error) {
     handlePPOMError(error, 'Error validating JSON RPC using PPOM: ');
   }

shared/constants/security-provider.ts

@@ -1,9 +1,7 @@
-import { Hex } from '@metamask/utils';
 import {
   SecurityAlertResponse,
   TransactionType,
 } from '@metamask/transaction-controller';
-import { CHAIN_IDS } from './network';
 
 export enum SecurityProvider {
   Blockaid = 'blockaid',
@@ -57,8 +55,6 @@ export enum BlockaidReason {
   errored = 'Error',
   notApplicable = 'NotApplicable',
   inProgress = 'validation_in_progress',
-  checkingChain = 'CheckingChain',
-  chainNotSupported = 'ChainNotSupported',
 }
 
 export enum BlockaidResultType {
@@ -77,23 +73,6 @@ export const FALSE_POSITIVE_REPORT_BASE_URL =
 
 export const SECURITY_PROVIDER_UTM_SOURCE = 'metamask-ppom';
 
-export const SECURITY_PROVIDER_SUPPORTED_CHAIN_IDS_FALLBACK_LIST: Hex[] = [
-  CHAIN_IDS.ARBITRUM,
-  CHAIN_IDS.AVALANCHE,
-  CHAIN_IDS.BASE,
-  CHAIN_IDS.BSC,
-  CHAIN_IDS.LINEA_MAINNET,
-  CHAIN_IDS.MAINNET,
-  CHAIN_IDS.OPBNB,
-  CHAIN_IDS.OPTIMISM,
-  CHAIN_IDS.POLYGON,
-  CHAIN_IDS.SEPOLIA,
-  CHAIN_IDS.ZKSYNC_ERA,
-  CHAIN_IDS.SCROLL,
-  CHAIN_IDS.BERACHAIN,
-  CHAIN_IDS.METACHAIN_ONE,
-];
-
 export const SECURITY_PROVIDER_EXCLUDED_TRANSACTION_TYPES = [
   TransactionType.swap,
   TransactionType.swapApproval,
@@ -107,17 +86,6 @@ export const LOADING_SECURITY_ALERT_RESPONSE: SecurityAlertResponse = {
   reason: BlockaidReason.inProgress,
 };
 
-export const SECURITY_ALERT_RESPONSE_CHECKING_CHAIN: SecurityAlertResponse = {
-  result_type: BlockaidResultType.Loading,
-  reason: BlockaidReason.checkingChain,
-};
-
-export const SECURITY_ALERT_RESPONSE_CHAIN_NOT_SUPPORTED: SecurityAlertResponse =
-  {
-    result_type: BlockaidResultType.Benign,
-    reason: BlockaidReason.chainNotSupported,
-  };
-
 export enum SecurityAlertSource {
   /** Validation performed remotely using the Security Alerts API. */
   API = 'api',

test/data/confirmations/typed_sign.ts

@@ -203,7 +203,7 @@ export const seaportSignatureMsg = {
   networkClientId: 'mainnet',
   securityAlertResponse: {
     result_type: 'loading',
-    reason: 'CheckingChain',
+    reason: 'validation_in_progress',
     securityAlertId: 'def3b0ef-c96b-4c87-b1b1-c69cc02a0f78',
   },
   status: 'unapproved',